Mail check fraud continues to be a serious problem facing consumers and banks and combatting this epidemic of fraud is a top priority for the security team here at New Tripoli Bank. This type of fraud occurs when someone steals uncashed checks, either from personal or Post Office mail boxes (i.e. the blue mailboxes), then "washes" the checks and alters them to cash out themselves or sells uncashed checks online. This leaves the person who wrote the check paying someone who is not the intended recipient.

New Tripoli Bank has put together a helpful infographic to help our customers who have been targeted by mail check fraud, which you can view here: https://www.newtripolibank.net/wp-content/uploads/2024/04/1709237178-AlteredChecksHandout.pdf 

What should you do when you fall victim to this type of fraud? Don’t beat yourself up! Anyone can fall victim to fraud and you shouldn’t feel stupid for being targeted by criminals. New Tripoli Bank is ready to help ensure your money and identity are kept safe from scammers.

1. Contact your bank and alert them that your personal financial information has been stolen.
2. Create a list of outstanding checks or any regular incoming or outgoing payments. You will need this information when you open a new account.
3. Visit your bank to close old accounts. New Tripoli Bank customer service representatives are trained to help customers close accounts that have been targeted by fraud and open new ones.
4. File a police report with your local police department.
5. Go to USPS.com to report stolen mail to the United States Postal Service or contact the U.S. Postal Inspector’s Office by calling 1-877-876-2455.

Where can I file complaints?

Consumer Financial Protection Bureau (CFPB)

Complaints can be filed with the CFPB at www.consumerfinance.gov/complaint/

The CFPB hears complaints about deposit accounts, credit cards, debt collection, and more.

You will be asked for dates, dollar amounts, and communications relevant to your complaint. You are allowed to attach documentation to prove your case.

Federal Reserve Board (FRB)

Complaints about financial institutions can be filed with the FRB at https://forms.federalreserveconsumerhelp.gov/secure/complaint/formComplaintIntro.html

You will be asked for identifying information, information on the financial institution you are reporting, and an explanation of how you feel your issue can be resolved.

Federal Trade Commission (FTC)

You can report scams to the FTC at https://reportfraud.ftc.gov/

You will be asked to provide information including how much money the scammer was paid, how the money was sent, the dates when money was sent, and how you were contacted.

We have recently been alerted to a new scam affecting consumers in our area that is a spin on classic phone phishing tactics. Here's the way the scam works:

You are contacted by someone posing as an employee of your financial institution or some other business with whom you have an account. The caller claims that your account has been hacked and asks you to type a series of numbers into the phone during the call. After entering the numbers, the call ends and you are suddenly unable to use your phone!

The way this works is the scammer will ask you to input the code *72 and a 10-digit phone number. When you input this into your phone and hit call, it automatically forwards all future calls to the 10-digit phone number you input after the *72. With your phone forwarding calls, the scammer is now free to commit fraud using your phone number and any attempts to contact you will be automatically rerouted to the scammer, allowing them to use your phone and identity for verification.

Here are steps you can take if you think you have been the victim of this scam:

• Dial *73 on your phone. This ends call forwarding to the other number.
• Check your accounts right away to ensure there has not been any fraud committed using your phone number. If you discover fraud, contact the business associated with any affected accounts to alert them to the situation.
• Whenever you receive a call from someone claiming to be from a specific bank or business and you are unsure whether the call is legitimate, end the call and contact the business directly using a known, publicly available number.

The newest scam involving malicious apps is a doozy. A cybercriminal will contact you impersonating a law enforcement officer, claiming that your bank account may be involved in financial fraud. They then ask you to download a mobile app to help them investigate further. Once you download the app, the cybercriminal walks you through several steps that set this scam in motion.

First, they give you a case number and ask you to search for that number in the app. When you search for the number, you'll find official-looking documents with your name on them. These are fake legal documents intended to make this interaction feel more legitimate. Once they have your guard down, the app will ask you to select your bank from a list and enter your account number and other personal information.

However, the most clever part of this scam is what the app is doing in the background. When you first install the app, it accesses your device's setting to block all incoming calls and text messages. By doing this, your bank will be unable to contact you about unusual behavior on your account. This gives the cybercriminals plenty of time to steal your money and sensitive information before you know what happened.

No matter how sophisticated these scammers become, you can stay safe from scams like this by following these simple tips:

Only download apps from trusted publishers. Anyone can publish an app on official app stores or sites, including cybercriminals.

Be cautious of scare tactics intended to prey on your emotions. Cybercriminals want to catch you off guard and trick you into revealing sensitive information.

If you're contacted by someone claiming to be in a position of authority, like law enforcement, ask for confirmation of their identity. Real officials will understand your concerns and can provide information without requiring you to download an app.

What is an Account Takeover?

Account takeover is an attack in which cybercriminals seize ownership of online accounts by using stolen passwords and usernames, then use these credentials to commit fraud. They purchase personal information via the dark web—information collected through social engineering or data breaches. This information provides the necessary credentials for a fraudster to pose as a consumer. With this information, scammers can trick a consumer's financial institution to make changes to their accounts or card settings. They may change phone numbers, emails, or passcodes, apply for increased limits, or change the account holder's PIN and/or travel exemptions to interfere with the institution's fraud-monitoring tools.

Schemes that Contribute to Account Takeovers

Skimming & Malware

Deployment of card skimmers or malware to point-of-sale terminals continues to be a widespread method for stealing data. Compared to years past, small local businesses are more likely to compromised and have their data harvested. Stolen data is then passed through remote, wireless technologies with increasing frequency. 

Phishing, Vishing & Smishing

Phishing, Vishing, and Smishing are methods of data theft that involve tricking consumers into revealing confidential information. These schemes use social engineering combined with modern technology to deceive consumers into revealing critical information while disregarding legitimate fraud warnings.

Phishing schemes are becoming both more frequent, more targeted (called "spear-phishing"), and more difficult to identify than in the past. They utilize email to trick consumers into revealing personal information such as passwords or credit card numbers. Rather than relying on suspicious links in poorly designed emails, phishing emails mimic legitimate websites and appear more polished and credible. By using URL shortening tools such as TinyURL, scammers make detection of suspicious links difficult for even the most keen-eyed of users. Red flags can include mistakes in hyperlinks, grammar or punctuation.

Smishing is the fraudulent practice of sending text messages claiming to be from reputable companies to induce consumers to reveal their personal information, such as passwords or credit card numbers. Vishing is the same fraudulent practice enacted via phone calls. In both instances, consumers may be sent a voice or text message with transaction details requesting confirmation from the consumer. When they respond, they may be questioned for account details or asked to call back and provide account information. In some instances, they are sent a one-time passcode and instructed to reply "No Fraud" to the message.

Malware

Malicious software is a significant threat to the security of financial data. One such type of malware is a Man-in-the-Browser attack, where malicious software is installed to a consumer's computer in the background when the user is downloading some otherwise innocuous file. The malware is then able to monitor and hijack user web sessions to transfer funds or harvest payment cards and online banking credentials, while redirecting the consumer to a fictitious error page. This type of malware often deploys automatically when a user visits a compromised website.

How Should Consumers Protect Themselves?

Preventing account takeover is a joint effort between your financial institution and yourself. There are steps you should take to ensure you don't end up the victim of identity theft.

• If you are concerned about an automated message, do not respond to the call, text, or email. Contact the company in question via their official customer service number listed on their website. Do not contact any number provided by a suspicious caller or message and do not click on any links.
• Respond quickly if you notice unexplained activity on your accounts or suspect you may have been the victim of a data harvesting scheme. Contact your financial institution immediately to help mitigate your losses.
• Always be aware of what information you choose to submit online and never easily provide access to your personal information.
• Maintain an up-to-date, secure operating system along with robust security and anti-malware software. Rely on multiple layers of protection and security tools.
• Keep your two-factor authentication codes private. Never provide them via phone, text, or email. These should only be used to sign into banking, merchant, or payment accounts when the consumer is actively trying to access it.

We have recently received a number of calls from New Tripoli Bank customers who have been contacted by someone claiming to be from the bank and asking for personal information. These calls show up on the customer's phone with the caller ID saying they are from New Tripoli Bank, but the actual phone number of the caller is not one associated with the bank.

This is a common tactic used by scammers to create a sense of trust in their targets, to make them more likely to give up information. We want to remind our customers that New Tripoli Bank will never request a customer's personal, confidential information (bank card number, account number, social security number, personal identification number, or password) through telephone contact. If you should ever receive a telephone call requesting your personal confidential information that appears to be from New Tripoli Bank, do not respond to the caller and contact us immediately at (610) 298-8811.

You can learn more about how to protect yourself by reading our articles on identity theft and frauds, scams and phishing along with other topics on our security page.

We have received an increasing number of reports in recent weeks of customers falling victim to a type of scam known as a tech support scam. In this type of scam, the victim encounters a pop-up on their computer that looks like a normal notification you would receive from your system or antivirus software, often using logos from trusted companies or websites. The notification warns you about a security issue on your computer and instructs you to either call a phone number for help or to click a link to a spoofed tech support page.

There are a number of things scammers will try to do in these types of scams:

Install malware on your computer. Scammers will pose as tech support in order to convince you to give them remote access to your computer and then pretend to run a diagnostic test. What they are actually doing is installing malware or keyloggers onto your device so they can steal your personal information.

Steal personal information. Scammers create phony websites that look like the real deal to prey on your trust and convince you to enter personal information into their fake site, which then allows them to steal your identity and commit fraud.

Ask for money. A scammer will pose as a tech support representative, pretend to fix whatever issue the pop-up claimed was wrong with your computer, and then charge you for their "service." If someone asks you to purchase gift cards as payment, it is definitely a scammer. Legitimate businesses will never ask for gift cards as payment.

If you receive a pop-up notification on your computer that includes a phone number or asks you to click a link, do not call the number or click the link! Security pop-up warnings from real tech companies will never ask you to call a phone number or click on a link. Legitimate tech companies will also never contact you by phone, email or text message to tell you there's a problem with your computer.

Your best defense against these types of scams is keeping your computer's security software up-to-date. If you think you are being targeted by a tech support scam, do not click on the notification and instead have your security system run a scan of your computer for malware. Should you need any help fixing a problem, go to someone you know and trust. Visit your manufacturer's website directly to find online support or a phone number for their tech support.

What To Do If You Were Scammed

If you gave the scammer remote access to your computer, update your computer's security software, then run a scan and delete anything the scan identifies as an issue.

If you gave login information a tech support scammer, change your passwords right away. Make sure you also change the password on any accounts or sites with the same password. Make sure you use a strong password.

If you paid a tech support scammer with your credit or debit card, contact the credit card company or your bank immediately. Tell them what happened and ask if they can reverse the charges.

If you paid with a gift card, contact the company that issued the gift card right away to see if they can refund your money. Remember: legitimate businesses will not ask for gift cards as payment!

The wave of mail check fraud and mail theft continues to affect communities throughout Lehigh County. In a recent news release, PA state police asked for public assistance to identify a vehicle connected with multiple thefts from residential mailboxes. The latest thefts took place on the 5100 block of Arrowhead Drive in North Whitehall Township, where police report two men in a maroon sedan stole mail from a mailbox. State troopers then responded to a second theft in the 7900 block of Saegersville Road in Heidelberg Township, where men in a maroon sedan were seen stealing mail from a mailbox. Authorities have asked that anyone with information related to these thefts contact state police at Bethlehem at (610) 861-2026.

As always, New Tripoli Bank recommends customers take steps to protect their sensitive financial information from mail theft and mail check fraud:

• Set up online bill pay using our online or mobile banking tools, if you feel comfortable doing so. You can learn more about setting up automated bill pay here.
• If you want to continue mailing checks, we recommend you drop them off at your local Post Office or hand them directly to a USPS employee.

We also advise our customers write their checks out in gel or felt tip pen to help prevent the check from being altered. If you plan to use a blue mailbox to mail checks, try to deposit your checks around the time of the last mail collection of the day so the check does not sit in the mailbox for long.

If you have been a victim of a scam, whether it be check fraud or another scam, please reach out to New Tripoli Bank at 610-298-8811 and we can help you. You can also contact the U.S. Postal Inspection Service at 1-877-876-2455 or visit https://www.uspis.gov/report to file a report.

For more information on mail check fraud,  you can watch our Helpful Hints video on the topic!

Scam artists are impersonating the Department of Revenue by sending Pennsylvania business owners fraudulent letters in the mail that direct them to turn over their accounting records. The goal of this ploy is to trick unsuspecting taxpayers into providing sensitive financial information, which the criminals behind the scheme can use for a number of illicit activities that could seriously harm a business' financial standing.  

"This is a prime example of fraudsters impersonating a government agency as they try to convince hardworking Pennsylvanians to turn over sensitive information about their businesses," Revenue Secretary Dan Hassell said. "We are urging Pennsylvania business owners to be on high alert if they receive a suspicious notice that includes the Department of Revenue name and logo. If you have any doubt at all about the legitimacy of a notice from the department, please use the contact information listed on our website, revenue.pa.gov. This is the best way to ensure you are speaking with a legitimate staff member at the Department of Revenue."

Understanding the Scam

The goal of this scam is to make the recipient of the letter believe they are being investigated by the Department of Revenue for an "alleged violation of delinquent sales tax liability." The letter also threatens taxpayers by saying penalties will be imposed on their accounts. Further, the letter includes contact information for a "Resolution Officer" and urges the business owner to provide accounting records prepared by a licensed professional, such as an attorney or CPA.

Providing this information allows the scammers to comb through the accounting records for sensitive information such as bank account numbers and other financial data, which could be used to make unauthorized transactions, request fraudulent tax refunds, and even apply for loans under the name of the business.

Although these counterfeit notices bear the department's name and logo, the notices include suspicious and inaccurate details that can help differentiate between a counterfeit notice sent by a scam artist and a legitimate notice sent by the Department of Revenue. Be on the lookout for notices that make dubious claims or include suspicious details. Here are some tips to keep in mind:

• The counterfeit notice does not include a return address. A notice from the Department of Revenue will always include an official Department of Revenue address as the return address.

• The counterfeit notice addresses the recipient as "Dear Business Owner." When the Department of Revenue attempts to contact a business through a notice in the mail, the notice typically addresses the business owner or business name.

• The counterfeit notice is sent by the "Pennsylvania Department of Revenue Tax Investigation & Enforcement Unit" and claims the business is "under investigation by the Pennsylvania State Revenue and Cash Disbursement Unit." While the department does conduct criminal tax investigations and tax enforcement, the units listed on the counterfeit notice are phony. Reach out to the department directly, as advised below, to determine if the "Unit" named exists.

• The counterfeit notice claims that the business has not registered their "entity with the Pennsylvania Department of State and The Sales and Use Tax Division." If you are an established business in Pennsylvania, it is likely that you already registered your business with the Pennsylvania Department of State and have registered for a sales tax license by completing the Department of Revenue's PA Online Business Entity Registration (PA-100).

Tips to Avoid This Scam

The Department of Revenue is encouraging Pennsylvanians to keep the following tips in mind to safeguard against this scam:

• Ensure You Are Speaking With Legitimate Representatives of the Department: This scam uses the Department of Revenue's name and logo to pose as a government entity. If you have any doubt at all about the legitimacy of a notice from the department, you should reach out to a department representative by using the Online Customer Service CenterOpens In A New Window. This allows the taxpayer to securely submit a question through a process that is very similar to sending an email.

• Examine the Notice: This counterfeit notice used vague language to cast a wide net to lure in as many victims as possible. Examine the notice for identifying information that can be verified. Look for blatant factual errors and other inconsistencies. If the notice is unexpected and demands immediate action, take a moment, and verify its legitimacy.

• Conduct Research Online: Use the information in a potentially counterfeit notice, such as a name, address or telephone number, to conduct a search online. The Department of Revenue's website, revenue.pa.gov, is the best source to verify information contained in a legitimate notice from the department. 

Steps To Follow if You Have a Question

If you are concerned about a potentially fraudulent notice, please visit the department's Verifying contact by the Department of Revenue webpage for verified phone numbers and contact information. This will help you ensure that you are speaking with a legitimate representative of the department.

Ever since Amazon took off and Facebook launched its marketplace, it seems like the only way to shop is online. Scammers have taken notice and they are constantly trying new schemes to trick careless online shoppers out of money or their private information. The latest scam on the digital marketplace involves payment apps and phony buyers on the Facebook Marketplace who "need" you to update your Zelle, CashApp, or other digital wallet in order to accept money from them.

Here's how it works...

After listing a big-ticket item on the Facebook Marketplace, you are contacted by a buyer who wants to pay using a peer-to-peer payment app. While recent reports reference Zelle, this scam can involve any digital wallet like CashApp, Venmo, or any similar service.

Shortly after receiving a payment, you get an email supposedly from whichever app you used to transfer money. The email will claim the buyer paid via a "business account" and state that you need to upgrade your account to business status to accept the transfer. The "buyer" will offer to send more money to cover the costs of this upgrade as long as you promise to refund them, sending screenshots of their digital wallet with the money deducted from their account. Then the scammer will begin pressuring you into repaying them for these phony fees.

Here's the rub: the initial payment was never sent in the first place! You'll be out a few hundred dollars and the scammer will disappear.

How you avoid scams when selling online:

Don't trust anyone offering to overpay. Unless your item is particularly rare and receive multiple offers over the asking price, be wary of buyers offering you more than you're asking. People tend to shop online to save money, not overspend!

Check email addresses carefully. This goes for any email that you receive, but if you receive an email from a digital wallet company you use, be sure to double-check that the address is legitimate. Scammers will fake addresses that appear similar to official ones unless you look very closely.

Get to know your payment app's policies before use. If you receive a claim that you need to upgrade your account to accept payments, check the app's official website or contact customer service before spending or sending any money. Scammers often make up fake rules or policies to trick their victims.

When in doubt, back out. You are not obligated to accept an offer when selling on Facebook Marketplace. Keep an eye out for common red flags that you are being scammed and don't be afraid to block and/or report someone who you think might be trying to scam you or others.

Report scammers to Facebook Marketplace. If you spot a seller trying to pull off a scam or fall victim to one yourself, report them. Your report can help protect other users.